GDPR: what it means and why we need to be on our best behaviour

Even if you’re not yet au fait with the ins and outs of what GDPR is and how it will affect your business, I’m assuming you’ve heard of it – from the abundance of news and online articles to the increased activity in your IT and customer management teams.

GDPR is the General Data Protection Regulation and it’s a legal requirement from 25 May 2018, replacing the existing Data Protection Directive at European Union level and the UK Data Protection Act 1998. It applies to anyone handling data belonging to EU residents, which means it almost definitely will apply to your organisation.

Why is it being introduced? Partly because of globalisation and the increasing number of businesses operating multinationally, and partly because of the growing digital economy we all operate in. The introduction of GDPR means data protection laws will now assume a level of international consistency and they also class digital footprints - IP addresses, cookies, MAC addresses – as personal data for the first time.

Like all things, the digital revolution and the increased level of access to personal data has both pros and cons. For organisations, it means we can understand our customers better and provide communications that are better targeted and more relevant and valuable to our audiences. As a result, customers benefit from personalised content, tailored offerings, less spam and increased, more convenient, transaction speeds.

But the downside of so much personal data being stored online is that it can be at risk of misuse.

Following a number of high profile data breaches and global cyber attacks this year alone, it is clear that new levels of data protection and security are a requirement of today’s digitally connected world and why we in the business travel industry, as much as any other industry, need to be at the top of our game.

As an organisation that’s responsible for managing data on behalf of thousands of travellers, it’s crucial that we at CTM can reassure our travellers and our clients that this information is being collected, stored and used both responsibly and with each person’s consent. And that’s what GDPR will do: introduce an accountability-based framework for handling the way personal information is acquired, used and shared.

For businesses who fail to comply with GDPR, a breach of data use could result in fines of up to €20 million (about £18 million) or 4 per cent of annual turnover, whichever is greater.

25 May 2018 isn’t so far away - if you haven’t already started planning for GDPR, I would start now.

This post was written by Karen Janssen, Chief Information Officer at Corporate Travel Management (CTM), a top ten global TMC exhibiting at the Business Travel Show in February. To register for a free visitor pass and meet up with CTM (stand B620) to discuss GDPR and all of your other travel management needs.